CVE-2022-41562

EPSS 0.46%
Published 13.12.2022 19:15:12
Last modified 21.11.2024 07:23:24
Source security@tibco.com
Teams watchlist Login
Open Login

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Tibco ≫ Jasperreports Server SwPlatformaws_marketplace Version <= 8.0.2

Tibco ≫ Jasperreports Server SwPlatformmicrosoft_azure Version <= 8.0.2

Tibco ≫ Jasperreports Server SwEdition- SwPlatform- Version <= 8.0.2

Tibco ≫ Jasperreports Server SwEditioncommunity Version <= 8.1.0

Tibco ≫ Jasperreports Server SwEditiondeveloper Version <= 8.1.0

Tibco ≫ Jasperreports Server Version8.1.0 SwPlatformaws_marketplace

Tibco ≫ Jasperreports Server Version8.1.0 SwPlatformmicrosoft_azure

Tibco ≫ Jasperreports Server Version8.1.0 SwEdition- SwPlatform-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.46%	0.634

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.4	1.7	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
security@tibco.com	8.4	1.7	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.tibco.com/services/support/advisories

Vendor Advisory

https://www.tibco.com/support/advisories/2022/12/tibco-security-advisory-december-13-2022-tibco-jasperreports-server-cve-2022-41562

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-41562

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-41562

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-41562

EUVD